]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3896e74)
- MFT: Fixed segmentation fault when reading rows
authorTimm Friebe <thekid@php.net>
Wed, 16 Jun 2010 09:49:25 +0000 (09:49 +0000)
committerTimm Friebe <thekid@php.net>
Wed, 16 Jun 2010 09:49:25 +0000 (09:49 +0000)
# Problem surfaces when using FreeTDS, ASE 12.5 and reading text fields
# with NULL values. This is essentially a workaround for a bug in Free-
# TDS which is not setting the NULL indicators correctly, but provides
# a protection against possible segfaults if any other driver ever does
# this again:-)

ext/sybase_ct/php_sybase_ct.c patch | blob | history

diff --git a/ext/sybase_ct/php_sybase_ct.c b/ext/sybase_ct/php_sybase_ct.c
index afc253791423e68d114e9dccfbbc531abc31e459..3b11af25f9923820b56393f8095f14ed6cf1090a 100644 (file)
--- a/ext/sybase_ct/php_sybase_ct.c
+++ b/ext/sybase_ct/php_sybase_ct.c
@@ -1248,8 +1248,17 @@ static int php_sybase_fetch_result_row (sybase_result *result, int numrows)
                                        }
                                        
                                        default: {
-                                               /* This indicates anything else, return it as string */
-                                               ZVAL_STRINGL(&result->data[i][j], result->tmp_buffer[j], result->lengths[j]- 1, 1);
+                                               /* This indicates anything else, return it as string
+                                                * FreeTDS doesn't correctly set result->indicators[j] correctly
+                                                * for NULL fields in some version in conjunction with ASE 12.5
+                                                * but instead sets result->lengths[j] to 0, which would lead to
+                                                * a negative memory allocation (and thus a segfault).
+                                                */
+                                               if (result->lengths[j] < 1) {
+                                                       ZVAL_NULL(&result->data[i][j]);
+                                               } else {
+                                                       ZVAL_STRINGL(&result->data[i][j], result->tmp_buffer[j], result->lengths[j]- 1, 1);
+                                               }
                                                break;
                                        }
                                }
Unnamed repository; edit this file 'description' to name the repository.